Senior Manager - Government Compliance

Yesterday

Anthology Careers

recruiting • careers • matchmaking

Description

• The role is a leadership role within our Governance, Risk and Compliance team that will supervise professional-level employees and/or support employees.
• The primary function of this role will be to manage the maintenance and expansion of Anthology’s Federal and State compliance programs.
• In addition to helping build Anthology’s State/FedRAMP portfolios, you will also be actively involved in the emerging DISA compliance-related (e.g., RMF, CMMC, DISA IL-4, etc.) workstreams.
• Primary responsibilities will include ensuring policies, practices, and procedures are understood and followed by direct reports, customers, and stakeholders.
• Responsible for State and Federal regulatory compliance (TX-, State-, FedRAMP, IL-4, CMMC) – Government Compliance – in consultation with the CISO, as well as Finance, Sales, and Legal teams.
• Providing subject matter expertise for FedRAMP and NIST 800-53 compliance standards and regulations.
• Owning management and execution of the external audit calendar in consultation with business processes and agency/state sponsors.
• Leading the completion of corrective and preventive actions for findings of Government Compliance audits and oversight of the Plan of Action and Milestones (POA&M) reporting process.
• Ensuring that system vulnerability and penetration tests are executed per the State/Federal/Agency standards and results are clearly communicated to appropriate operational teams.
• Working with operational teams to re-assess remediated systems.
• Ensuring that continuous monitoring reporting is conducted, and the results made available to the applicable audience (FedRAMP, StateRAMP).
• Ensuring annual reviews and updates of System Security Plans are conducted and enforcing the document control management process.
• Management of the Vendor Risk Assessment program, in alignment with Legal, Privacy, and Procurement teams.
• Ensuring Vendor Risk Assessments are conducted quickly, and results reported clearly to stakeholders, along with next steps, if applicable.
• Owning the review and improvement of Vendor Risk Management processes.
• Assisting in the identification of business process improvements and partnering with technology and business stakeholders to identify pragmatic approaches to compliance readiness and testing.
• Collaborating cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of Government Compliance readiness and audit execution.
• Assisting with forecasting, planning, and risk assessment relevant to expanding the Government Compliance program in alignment with the company’s technology and sales strategies.
• Maintaining and applying current industry knowledge and best practices.
• Researching and recommending use of new technologies.
• Project management including analysis of business requirements, creating and updating project plans, and tracking projects to successful completion.
• Managing personnel including mentoring and cross-training of team members to achieve business objectives.
• Developing metrics and dashboards for reporting on Regulatory Compliance programs.

Requirements

• US Citizen
• Effective organization, follow-up, and time management skills
• 8-12 years of hands-on experience in IT audit and/or compliance
• Strong documentation and communication skills
• A recent hands-on concentration of work with the FedRAMP Framework (audit and compliance experience)
• Strong background with NIST Risk Management Framework (SP 800-53) and a broad range of skills in the fields of NIST publications, FedRAMP requirements
• Experience with control assessments and coordination of audit activities
• Experience managing and achieving authorizations under the FedRAMP program
• Understanding of software development lifecycle methodologies, cloud and server infrastructure, LAN/WAN networking, VPN, and wireless networking infrastructures
• Experience managing security staff, collaboration and relationship building with global teams
• Ability to work both independently and within a global team environment
• Ability to develop and foster strong relationships with technology and business stakeholders
• Strong writing ability with a focus on communication of technical topics
• Fluency in written and spoken English
• Previous experience leading a Cloud Service Provider through a FedRAMP, StateRAMP, or IL-4 ATO process (preferred)
• Previous experience at a SaaS company in a similar role (preferred)
• Previous experience gaining an ATO or P-ATO for a cloud implementation (preferred)
• Exposure to ISO27001, PCI, HIPAA/HITRUST, SOC 2 (preferred)
• Industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor) (preferred)
• Bachelor's Degree in Information Technology, Business, or related vocations (preferred)
